Edvan 30 Posted October 19, 2012

LOG: http://cjoint.com/12oc/BJtcuKbHHXG.htm

# AdwCleaner v2.005 - Logfile created 10/18/2012 at 21:06:41
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Starter (32 bits)
# User : Eduardo Ferreira - EDUARDOFERREIRA
# Boot Mode : Normal
# Running from : C:\Users\Eduardo Ferreira\Desktop\Ferramenta contra virus\AdwCleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Complitly
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\Users\Eduardo Ferreira\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda
Folder Deleted : C:\Users\Eduardo Ferreira\AppData\Roaming\Complitly
Folder Deleted : C:\Users\Eduardo Ferreira\AppData\Roaming\eType
Folder Deleted : C:\Users\Eduardo Ferreira\AppData\Roaming\Mozilla\Firefox\Profiles\oxad2sqp.default\extensions\{33E0DAA6-3AF3-D8B5-6752-10E949C61516}

***** [Registry] *****

Key Deleted : HKCU\Software\Complitly
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (pt-BR)

Profile name : default
File : C:\Users\Eduardo Ferreira\AppData\Roaming\Mozilla\Firefox\Profiles\oxad2sqp.default\prefs.js

C:\Users\Eduardo Ferreira\AppData\Roaming\Mozilla\Firefox\Profiles\oxad2sqp.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v22.0.1229.94

File : C:\Users\Eduardo Ferreira\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [2731 octets] - [18/10/2012 21:06:41]

########## EOF - C:\AdwCleaner[s1].txt - [2791 octets] ##########

DigRam 144 Posted October 19, 2012

Good evening! Edvan

|- Uninstall: C:\Program Files\v9Soft <<
-/-
|- Download: < ZHPFix.zip >
|- Unzip it to the desktop.
|- Close any open programs/folders.
|- Close the browser as well!
|- On Windows Vista, disable UAC.
|- On Windows Vista or 7, right-click ZHPFix.exe and run it as administrator.
|- Select and copy the information in the Code box below into Notepad.

R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.v9.com
[MD5.B9918718C6AF9F92F9E49A01AF35DEB7] [sPRF][09/08/2012] (.Ask.com - AskIC Dynamic Link Library.) -- C:\Users\Eduardo Ferreira\AppData\Local\Temp\AskSLib.dll [248008]
[MD5.7EA21DB797AFF66C8FCED71D74BE682B] [sPRF][11/10/2012] (...) -- C:\Users\Eduardo Ferreira\AppData\Local\Temp\utt18BE.tmp.bat [98]
[MD5.7EA21DB797AFF66C8FCED71D74BE682B] [sPRF][11/10/2012] (...) -- C:\Users\Eduardo Ferreira\AppData\Local\Temp\utt225F.tmp.bat [98]
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} Orphean Key
O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} Orphean Key
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} Orphean Key
O2 - BHO: (no name) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} Orphean Key
O3 - Toolbar: (no name) - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (...) -- (.not file.)
O42 - Logiciel: Programa de Desinstalação para Página Inicial V9 - (.ELEX Technology.) [HKLM] -- V9Software
O43 - CFD: 22/08/2012 - 12:52:20 - [0,402] ----D C:\Program Files\v9Soft
O43 - CFD: 24/03/2012 - 16:46:37 - [0] ----D C:\Users\Eduardo Ferreira\AppData\Local\Dados de aplicativos
O43 - CFD: 24/03/2012 - 16:46:37 - [0] ----D C:\Users\Eduardo Ferreira\AppData\Local\Histórico
O43 - CFD: 13/07/2012 - 00:00:43 - [0] ----D C:\Users\Eduardo Ferreira\AppData\Local\{05333854-E823-4C39-A027-ADD69C90CA11}
O43 - CFD: 02/08/2012 - 10:50:24 - [0] ----D C:\Users\Eduardo Ferreira\AppData\Local\{0A9AE3D3-93DB-40E6-8D16-F8E94B50522A}
O43 - CFD: 24/07/2012 - 00:41:43 - [0] ----D C:\Users\Eduardo Ferreira\AppData\Local\{14FA7A28-BDF0-4832-9E59-65CBC6EF65EA}
O43 - CFD: 13/07/2012 - 00:29:54 - [0] ----D C:\Users\Eduardo Ferreira\AppData\Local\{17779107-024D-4CA1-9D65-D14C1EB9D049}
O43 - CFD: 08/07/2012 - 05:33:52 - [0] ----D C:\Users\Eduardo Ferreira\AppData\Local\{24453458-A4EF-4DD4-812C-77B807442D8B}
O43 - CFD: 04/08/2012 - 19:56:02 - [0] ----D C:\Users\Eduardo Ferreira\AppData\Local\{39CCDC07-97D1-49AE-A61C-273354A859D4}
O43 - CFD: 14/05/2012 - 23:46:11 - [0] ----D C:\Users\Eduardo Ferreira\AppData\Local\{3DD76586-294B-43D7-AAB2-9B6FB6053CD5}
O43 - CFD: 12/07/2012 - 23:42:35 - [0] ----D C:\Users\Eduardo Ferreira\AppData\Local\{3DE125C4-EA6F-42C9-AFE5-51DE2B203C01}
O43 - CFD: 30/04/2012 - 02:27:50 - [0] ----D C:\Users\Eduardo Ferreira\AppData\Local\{3E3A41E3-FB89-44DA-92B9-C0C5CCBEB1DC}
O43 - CFD: 27/07/2012 - 18:34:10 - [0] ----D C:\Users\Eduardo Ferreira\AppData\Local\{4538432A-3C99-42B9-934D-2FAE57AAB6B6}
O43 - CFD: 04/08/2012 - 15:14:24 - [0] ----D C:\Users\Eduardo Ferreira\AppData\Local\{48F07BF7-508F-4EAB-AE2B-53C50AFF122A}
O43 - CFD: 10/08/2012 - 12:44:40 - [0] ----D C:\Users\Eduardo Ferreira\AppData\Local\{713505F3-0DDC-4CBB-8FC0-795A0353F518}
O43 - CFD: 12/07/2012 - 22:54:19 - [0] ----D C:\Users\Eduardo Ferreira\AppData\Local\{7DEBC4C3-EDB2-4700-9EF6-744FD136685F}
O43 - CFD: 26/04/2012 - 22:49:34 - [0] ----D C:\Users\Eduardo Ferreira\AppData\Local\{80B3C7B9-29BA-4C81-85A1-528D00E9EC27}
O43 - CFD: 15/07/2012 - 15:53:34 - [0] ----D C:\Users\Eduardo Ferreira\AppData\Local\{91567E41-013B-4EEA-8F05-9798E69D7AC0}
O43 - CFD: 19/05/2012 - 15:01:32 - [0] ----D C:\Users\Eduardo Ferreira\AppData\Local\{9571309B-5849-4EA4-BD2D-C03E1BF261EE}
O43 - CFD: 27/05/2012 - 17:09:25 - [0] ----D C:\Users\Eduardo Ferreira\AppData\Local\{9878BDFF-3A0B-4069-826D-354D49F8F342}
O43 - CFD: 16/04/2012 - 20:19:20 - [0] ----D C:\Users\Eduardo Ferreira\AppData\Local\{9F5F7FC8-44D7-4106-8077-603E24418256}
O43 - CFD: 16/08/2012 - 12:04:08 - [0] ----D C:\Users\Eduardo Ferreira\AppData\Local\{A32C2681-1630-4F5F-9C59-0F201036793E}
O43 - CFD: 22/06/2012 - 07:08:17 - [0] ----D C:\Users\Eduardo Ferreira\AppData\Local\{A83D4540-C180-4F23-97E3-469BFBEE3933}
O43 - CFD: 13/07/2012 - 00:41:32 - [0] ----D C:\Users\Eduardo Ferreira\AppData\Local\{BC74E3BF-DCF2-4E8C-9F5D-9A0B09F96CFD}
O43 - CFD: 07/08/2012 - 23:37:29 - [0] ----D C:\Users\Eduardo Ferreira\AppData\Local\{D0BC6F4B-3C1C-42A7-8F85-A2D0F6FC3289}
O43 - CFD: 11/06/2012 - 20:43:04 - [0] ----D C:\Users\Eduardo Ferreira\AppData\Local\{D12BD4F8-0C4D-4637-891E-11D91F0647BD}
O43 - CFD: 14/04/2012 - 11:03:56 - [0] ----D C:\Users\Eduardo Ferreira\AppData\Local\{DF3D810A-D7D1-41A7-8DC8-351EA86A00B0}
O43 - CFD: 30/07/2012 - 20:16:27 - [0] ----D C:\Users\Eduardo Ferreira\AppData\Local\{E6F70D44-C6E2-4631-AF2C-2DE696607A3B}
O43 - CFD: 17/07/2012 - 23:24:05 - [0] ----D C:\Users\Eduardo Ferreira\AppData\Local\{EF3F2116-18D5-47FF-A8D1-EBDB719D9500}
O43 - CFD: 16/08/2012 - 12:27:34 - [0] ----D C:\Users\Eduardo Ferreira\AppData\Local\{EF66F53A-A0D3-496C-9741-9276A99AE73E}
O43 - CFD: 13/07/2012 - 00:09:42 - [0] ----D C:\Users\Eduardo Ferreira\AppData\Local\{F44D0FD0-6680-45A5-85D8-1116A1C67C37}
O43 - CFD: 06/07/2012 - 16:55:06 - [0] ----D C:\Users\Eduardo Ferreira\AppData\Local\{F6E50B0A-8F2D-49F9-A9FD-D4F7C06AD7A5}
O43 - CFD: 17/07/2012 - 21:46:26 - [0] ----D C:\Users\Eduardo Ferreira\AppData\Local\{FBE81D2A-869B-4FB7-B762-5FD61DF58A68}
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} - (v9) - http://www.v9.com
[HKLM\Software\360Safe] => Infection Diverse (Lozavita.Troj)
[HKLM\Software\Swearware]
proxyfix
emptytemp
emptyflash
firewallraz
sysrestore

|- With Notepad open, press the shortcuts: "Ctrl+A" -> "Ctrl+C"
|- Minimize Notepad.
|- Click the "Paste ClipBoard" menu.
|- Click "GO" -> Oui.
|- PS: Above there is a sequence of images for further clarification.
|- Post the report: C:\ZHP\ZHPFix[R1].txt

Regards!

Edvan 30 Posted October 19, 2012

> |- Uninstall: C:\Program Files\v9Soft <<

Even after deleting the file that was in that folder, it still remains on the browser page. ZHPFix.exe was not installed; the only files that were installed were ZHPDiag and MBRCheck.

DigRam 144 Posted October 19, 2012

> Even after deleting the file that was in that folder, it still remains on the browser page. ZHPFix.exe was not installed; the only files that were installed were ZHPDiag and MBRCheck.

Hello! Edvan

|- I edited the previous post and added the link to ZHPFix.

Regards!

Edvan 30 Posted October 19, 2012

Rapport de ZHPFix 1.2.06 par Nicolas Coolman, Update du 17/05/2012
Fichier d'export Registre :
Run by Eduardo Ferreira at 19/10/2012 20:35:10
Windows 7 Starter Edition, 32-bit (Build 7600)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Web site : http://nicolascoolman.skyrock.com/

========== Software ==========
NOT FOUND Uninstall Process: c:\program files\v9soft\v9fft.exe

========== Memory Module ==========
DELETED Memory Module: C:\Users\Eduardo Ferreira\AppData\Local\Temp\AskSLib.dll

========== Registry Key ==========
DELETED [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\V9Software]
DELETED Key*: CLSID BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
DELETED Key*: CLSID BHO: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
DELETED Key*: CLSID BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6}
DELETED Key*: CLSID BHO: {9FDDE16B-836F-4806-AB1F-1455CBEFF289}
DELETED Key*: SearchScopes :{33BB0A4E-99AF-4226-BDF6-49120163DE86}
DELETED Key*: HKLM\Software\360Safe
DELETED Key*: HKLM\Software\Swearware

========== Registry Value ==========
DELETED Toolbar: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
ProxyFix : Proxy killed successfully
DELETED ProxyServer Value
DELETED ProxyEnable Value
DELETED EnableHttp1_1 Value
DELETED ProxyHttp1.1 Value
DELETED ProxyOverride Value
No Value in Standard Profile Register Key FirewallRaz :
No Value in Domain Profile Register Key FirewallRaz :

========== Registry Data Items ==========
REMOVED R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
REMOVED R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL
REMOVED R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant

========== Repertory ==========
NOT FOUND C:\Program Files\v9Soft
NOT FOUND C:\Users\Eduardo Ferreira\AppData\Local\Dados de aplicativos
NOT FOUND C:\Users\Eduardo Ferreira\AppData\Local\Histórico
DELETED Folder: C:\Users\Eduardo Ferreira\AppData\Local\{05333854-E823-4C39-A027-ADD69C90CA11}
DELETED Folder: C:\Users\Eduardo Ferreira\AppData\Local\{0A9AE3D3-93DB-40E6-8D16-F8E94B50522A}
DELETED Folder: C:\Users\Eduardo Ferreira\AppData\Local\{14FA7A28-BDF0-4832-9E59-65CBC6EF65EA}
DELETED Folder: C:\Users\Eduardo Ferreira\AppData\Local\{17779107-024D-4CA1-9D65-D14C1EB9D049}
DELETED Folder: C:\Users\Eduardo Ferreira\AppData\Local\{24453458-A4EF-4DD4-812C-77B807442D8B}
DELETED Folder: C:\Users\Eduardo Ferreira\AppData\Local\{39CCDC07-97D1-49AE-A61C-273354A859D4}
DELETED Folder: C:\Users\Eduardo Ferreira\AppData\Local\{3DD76586-294B-43D7-AAB2-9B6FB6053CD5}
DELETED Folder: C:\Users\Eduardo Ferreira\AppData\Local\{3DE125C4-EA6F-42C9-AFE5-51DE2B203C01}
DELETED Folder: C:\Users\Eduardo Ferreira\AppData\Local\{3E3A41E3-FB89-44DA-92B9-C0C5CCBEB1DC}
DELETED Folder: C:\Users\Eduardo Ferreira\AppData\Local\{4538432A-3C99-42B9-934D-2FAE57AAB6B6}
DELETED Folder: C:\Users\Eduardo Ferreira\AppData\Local\{48F07BF7-508F-4EAB-AE2B-53C50AFF122A}
DELETED Folder: C:\Users\Eduardo Ferreira\AppData\Local\{713505F3-0DDC-4CBB-8FC0-795A0353F518}
DELETED Folder: C:\Users\Eduardo Ferreira\AppData\Local\{7DEBC4C3-EDB2-4700-9EF6-744FD136685F}
DELETED Folder: C:\Users\Eduardo Ferreira\AppData\Local\{80B3C7B9-29BA-4C81-85A1-528D00E9EC27}
DELETED Folder: C:\Users\Eduardo Ferreira\AppData\Local\{91567E41-013B-4EEA-8F05-9798E69D7AC0}
DELETED Folder: C:\Users\Eduardo Ferreira\AppData\Local\{9571309B-5849-4EA4-BD2D-C03E1BF261EE}
DELETED Folder: C:\Users\Eduardo Ferreira\AppData\Local\{9878BDFF-3A0B-4069-826D-354D49F8F342}
DELETED Folder: C:\Users\Eduardo Ferreira\AppData\Local\{9F5F7FC8-44D7-4106-8077-603E24418256}
DELETED Folder: C:\Users\Eduardo Ferreira\AppData\Local\{A32C2681-1630-4F5F-9C59-0F201036793E}
DELETED Folder: C:\Users\Eduardo Ferreira\AppData\Local\{A83D4540-C180-4F23-97E3-469BFBEE3933}
DELETED Folder: C:\Users\Eduardo Ferreira\AppData\Local\{BC74E3BF-DCF2-4E8C-9F5D-9A0B09F96CFD}
DELETED Folder: C:\Users\Eduardo Ferreira\AppData\Local\{D0BC6F4B-3C1C-42A7-8F85-A2D0F6FC3289}
DELETED Folder: C:\Users\Eduardo Ferreira\AppData\Local\{D12BD4F8-0C4D-4637-891E-11D91F0647BD}
DELETED Folder: C:\Users\Eduardo Ferreira\AppData\Local\{DF3D810A-D7D1-41A7-8DC8-351EA86A00B0}
DELETED Folder: C:\Users\Eduardo Ferreira\AppData\Local\{E6F70D44-C6E2-4631-AF2C-2DE696607A3B}
DELETED Folder: C:\Users\Eduardo Ferreira\AppData\Local\{EF3F2116-18D5-47FF-A8D1-EBDB719D9500}
DELETED Folder: C:\Users\Eduardo Ferreira\AppData\Local\{EF66F53A-A0D3-496C-9741-9276A99AE73E}
DELETED Folder: C:\Users\Eduardo Ferreira\AppData\Local\{F44D0FD0-6680-45A5-85D8-1116A1C67C37}
DELETED Folder: C:\Users\Eduardo Ferreira\AppData\Local\{F6E50B0A-8F2D-49F9-A9FD-D4F7C06AD7A5}
DELETED Folder: C:\Users\Eduardo Ferreira\AppData\Local\{FBE81D2A-869B-4FB7-B762-5FD61DF58A68}
DELETED Window Temporary:
DELETED Flash Cookies:

========== File ==========
DELETED File: c:\users\eduardo ferreira\appdata\local\temp\askslib.dll
DELETED File: C:\Users\Eduardo Ferreira\AppData\Local\Temp\utt18BE.tmp.bat
DELETED File***: c:\users\eduardo ferreira\appdata\local\temp\utt18be.tmp.bat
DELETED File: C:\Users\Eduardo Ferreira\AppData\Local\Temp\utt225F.tmp.bat
DELETED File***: c:\users\eduardo ferreira\appdata\local\temp\utt225f.tmp.bat
DELETED Window Temporary:
DELETED Flash Cookies:

========== Restoration ==========
Restore System Point created succefully

========== Summary ==========
1 : Memory Module
8 : Registry Key
9 : Registry Value
3 : Registry Data Items
35 : Repertory
7 : File
1 : Software
1 : Restoration

End of clean in 01mn 03s

========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 19/10/2012 20:35:10 [5630]

P.S.: And what about \v9Soft?

DigRam 144 Posted October 20, 2012

Good evening! Edvan

< V9.com >
|- Follow the tips from professor WELLINGTON TELLES on removing V9.com.
|- There is also the one from wings: Learn how to remove V9.com
-/-
|- Download: < > ( ... by OldTimer Tools )
|- Click Save!
|- Save it to the desktop!
|- Double-click OTL.exe >> Run. >>
|- Configure "Verificação de Arquivos" (file scan) as shown in the screenshot!
|- PS: Do the same for these!
|- Under "Exame Extra do Registro" (extra registry scan), select "Nenhum" (None).

*crack* /s
*keygen* /s
*serial* /s
*AutoKMS* /s
*loader* /s
%APPDATA%\Local\*.
%APPDATA%\*.exe /s
%APPDATA%\*.
%USERPROFILE%\AppData\Local\*.*
%USERPROFILE%\AppData\Roaming\*.*
%systemroot%\assembly\tmp\*.* /S /MD5
%systemroot%\assembly\temp\*.* /S /MD5
%systemroot%\assembly\GAC\*.* /S /MD5
%systemroot%\assembly\GAC_32\*.* /S /MD5
%systemroot%\assembly\GAC_64\*.* /S /MD5
%USERPROFILE%\Desktop\registrybackup.reg /c
%systemroot%\system32\config\systemprofile\AppData\Local\*.*
%windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.*
%windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
/md5start
services.exe
/md5stop
regedit /e c:\registrybackup.reg /c
type c:\boot.ini >> test.txt /c
%systemroot%\system32\tasks\*.* /s /64
%systemroot%\system32\Tasks\*.* /s
%windir%\tasks\*.* /s

|- Paste the information in the Code box above into the "Exames Personalizados/Correções" (custom scans/fixes) field.
|- When finished, post the report: OTL.txt
|- For large reports, go to: < >
|- More information: < |Link| >

Best regards!

Edvan 30 Posted October 20, 2012

Thanks for the help, my friend; here is the log. http://cjoint.com/12oc/BJufcRVJ8D9.htm

As for V9.com, I'll remove it later; I'm accessing the machine remotely, so it's difficult.

DigRam 144 Posted October 20, 2012

Good morning! Edvan

|- Run OTL.exe.
|- Copy the information in the Code box below into the "Exames Personalizados/Correções" (custom scans/fixes) field.

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=fft
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.v9.com/s#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.search.defaultenginename: "v9"
FF - prefs.js..browser.search.order.1: "v9"
FF - prefs.js..browser.search.selectedEngine: "v9"
FF - prefs.js..browser.startup.homepage: "http://www.v9.com/?utm_source=b&utm_medium=fft"
FF - user.js - File not found
[2012/10/18 21:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
[2012/10/18 21:11:31 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag
[2012/10/18 21:11:31 | 000,000,000 | ---D | C] -- C:\ZHP
[2012/10/18 22:51:50 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ZHPFix.lnk
[2012/10/18 21:19:53 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin
[2012/10/18 22:41:15 | 000,000,429 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\v9.xml
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope" = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
:Files
Type C:\$Recycle.bin\S-1-5-21-2190984065-3680493698-2619012717-1000\$RZ6SLMZ\R3M26K47\t.cxt.ms\lso.swf\u.sol /C
Type C:\windows\system32\tasks\{86E4F174-CC18-4D46-8234-A296AC942FBB} /C
:Commands
[CREATERESTOREPOINT]
[purity]
[emptytemp]
[Reboot]

|- Click the Consertar button -> Wait for it to finish!
|- The computer will restart! -> Click "Executar" (Run).
|- In English versions, click Run Fix, which is the same as Consertar.
|- Post the report: C:\_OTL\MovedFiles\*.log

Regards!

Edvan 30 Posted October 20, 2012

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch| /E : value set successfully!
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "v9" removed from browser.search.defaultenginename
Prefs.js: "v9" removed from browser.search.order.1
Prefs.js: "v9" removed from browser.search.selectedEngine
Prefs.js: "http://www.v9.com/?utm_source=b&utm_medium=fft" removed from browser.startup.homepage
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP folder moved successfully.
C:\Program Files\ZHPDiag\Liste Spéciale folder moved successfully.
C:\Program Files\ZHPDiag folder moved successfully.
C:\ZHP\Quarantine\{FBE81D2A-869B-4FB7-B762-5FD61DF58A68}.DIR folder moved successfully.
C:\ZHP\Quarantine\{F6E50B0A-8F2D-49F9-A9FD-D4F7C06AD7A5}.DIR folder moved successfully.
C:\ZHP\Quarantine\{F44D0FD0-6680-45A5-85D8-1116A1C67C37}.DIR folder moved successfully.
C:\ZHP\Quarantine\{EF66F53A-A0D3-496C-9741-9276A99AE73E}.DIR folder moved successfully.
C:\ZHP\Quarantine\{EF3F2116-18D5-47FF-A8D1-EBDB719D9500}.DIR folder moved successfully.
C:\ZHP\Quarantine\{E6F70D44-C6E2-4631-AF2C-2DE696607A3B}.DIR folder moved successfully.
C:\ZHP\Quarantine\{DF3D810A-D7D1-41A7-8DC8-351EA86A00B0}.DIR folder moved successfully.
C:\ZHP\Quarantine\{D12BD4F8-0C4D-4637-891E-11D91F0647BD}.DIR folder moved successfully.
C:\ZHP\Quarantine\{D0BC6F4B-3C1C-42A7-8F85-A2D0F6FC3289}.DIR folder moved successfully.
C:\ZHP\Quarantine\{BC74E3BF-DCF2-4E8C-9F5D-9A0B09F96CFD}.DIR folder moved successfully.
C:\ZHP\Quarantine\{A83D4540-C180-4F23-97E3-469BFBEE3933}.DIR folder moved successfully.
C:\ZHP\Quarantine\{A32C2681-1630-4F5F-9C59-0F201036793E}.DIR folder moved successfully.
C:\ZHP\Quarantine\{9F5F7FC8-44D7-4106-8077-603E24418256}.DIR folder moved successfully.
C:\ZHP\Quarantine\{9878BDFF-3A0B-4069-826D-354D49F8F342}.DIR folder moved successfully.
C:\ZHP\Quarantine\{9571309B-5849-4EA4-BD2D-C03E1BF261EE}.DIR folder moved successfully.
C:\ZHP\Quarantine\{91567E41-013B-4EEA-8F05-9798E69D7AC0}.DIR folder moved successfully.
C:\ZHP\Quarantine\{80B3C7B9-29BA-4C81-85A1-528D00E9EC27}.DIR folder moved successfully.
C:\ZHP\Quarantine\{7DEBC4C3-EDB2-4700-9EF6-744FD136685F}.DIR folder moved successfully.
C:\ZHP\Quarantine\{713505F3-0DDC-4CBB-8FC0-795A0353F518}.DIR folder moved successfully.
C:\ZHP\Quarantine\{48F07BF7-508F-4EAB-AE2B-53C50AFF122A}.DIR folder moved successfully.
C:\ZHP\Quarantine\{4538432A-3C99-42B9-934D-2FAE57AAB6B6}.DIR folder moved successfully.
C:\ZHP\Quarantine\{3E3A41E3-FB89-44DA-92B9-C0C5CCBEB1DC}.DIR folder moved successfully.
C:\ZHP\Quarantine\{3DE125C4-EA6F-42C9-AFE5-51DE2B203C01}.DIR folder moved successfully.
C:\ZHP\Quarantine\{3DD76586-294B-43D7-AAB2-9B6FB6053CD5}.DIR folder moved successfully.
C:\ZHP\Quarantine\{39CCDC07-97D1-49AE-A61C-273354A859D4}.DIR folder moved successfully.
C:\ZHP\Quarantine\{24453458-A4EF-4DD4-812C-77B807442D8B}.DIR folder moved successfully.
C:\ZHP\Quarantine\{17779107-024D-4CA1-9D65-D14C1EB9D049}.DIR folder moved successfully.
C:\ZHP\Quarantine\{14FA7A28-BDF0-4832-9E59-65CBC6EF65EA}.DIR folder moved successfully.
C:\ZHP\Quarantine\{0A9AE3D3-93DB-40E6-8D16-F8E94B50522A}.DIR folder moved successfully.
C:\ZHP\Quarantine\{05333854-E823-4C39-A027-ADD69C90CA11}.DIR folder moved successfully.
C:\ZHP\Quarantine folder moved successfully.
C:\ZHP folder moved successfully.
C:\Users\Public\Desktop\ZHPFix.lnk moved successfully.
File C:\PhysicalDisk0_MBR.bin not found.
C:\Program Files\Mozilla Firefox\searchplugins\v9.xml moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope" | {0633EE93-D776-472f-A0FF-E1416B8B2E3A} /E : value set successfully!
========== FILES ==========
< Type C:\$Recycle.bin\S-1-5-21-2190984065-3680493698-2619012717-1000\$RZ6SLMZ\R3M26K47\t.cxt.ms\lso.swf\u.sol /C >
C:\Users\Eduardo Ferreira\Desktop\Ferramenta contra virus\cmd.bat deleted successfully.
C:\Users\Eduardo Ferreira\Desktop\Ferramenta contra virus\cmd.txt deleted successfully.
< Type C:\windows\system32\tasks\{86E4F174-CC18-4D46-8234-A296AC942FBB} /C >
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo />
  <Triggers>
    <RegistrationTrigger>
      <Enabled>true</Enabled>
    </RegistrationTrigger>
  </Triggers>
  <Settings>
    <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <AllowHardTerminate>true</AllowHardTerminate>
    <StartWhenAvailable>false</StartWhenAvailable>
    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
    <IdleSettings>
      <Duration>PT10M</Duration>
      <WaitTimeout>PT1H</WaitTimeout>
      <StopOnIdleEnd>true</StopOnIdleEnd>
      <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
    <AllowStartOnDemand>true</AllowStartOnDemand>
    <Enabled>true</Enabled>
    <Hidden>false</Hidden>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <WakeToRun>false</WakeToRun>
    <ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
    <Priority>7</Priority>
  </Settings>
  <Actions Context="Author">
    <Exec>
      <Command>C:\windows\system32\pcalua.exe</Command>
      <Arguments>-a "C:\Users\Eduardo Ferreira\Desktop\Ferramenta contra virus\ZHPDiag2.exe" -d "C:\Users\Eduardo Ferreira\Desktop\Ferramenta contra virus"</Arguments>
    </Exec>
  </Actions>
  <Principals>
    <Principal id="Author">
      <UserId>EduardoFerreira\Eduardo Ferreira</UserId>
      <LogonType>InteractiveToken</LogonType>
      <RunLevel>LeastPrivilege</RunLevel>
    </Principal>
  </Principals>
</Task>
C:\Users\Eduardo Ferreira\Desktop\Ferramenta contra virus\cmd.bat deleted successfully.
C:\Users\Eduardo Ferreira\Desktop\Ferramenta contra virus\cmd.txt deleted successfully.
========== COMMANDS ==========
System Restore Service not available.

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Eduardo Ferreira
->Temp folder emptied: 197680588 bytes
->Temporary Internet Files folder emptied: 38012244 bytes
->FireFox cache emptied: 876171871 bytes
->Google Chrome cache emptied: 53223724 bytes
->Flash cache emptied: 7103 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5686452 bytes
RecycleBin emptied: 46910558 bytes

Total Files Cleaned = 1.161,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 10202012_100842

Files\Folders moved on Reboot...
File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

DigRam 144 Posted October 21, 2012

Good evening! Edvan

|- Did you manage to remove V9Soft?
|- Your logs are clean! ;)
-/-
|- If everything is OK, delete your restore points.
|- Open the OTL tool.

:COMMANDS
[CLEARALLRESTOREPOINTS]
[reboot]

|- Run this script.
|- Paste the information in the Code box into the "Exames Personalizados Correções" (custom scans/fixes) field.
|- Click Consertar.
|- PS: There will be a reboot! <- Wait!
|- Open the OTL tool again -> Click Limpeza (cleanup). <- Confirm!
|- The computer will restart!

Regards!

Edvan 30 Posted October 23, 2012

> Did you manage to remove V9Soft?

Sorry for the delay; I only managed to access my brother's PC remotely today. I couldn't remove V9Soft; WELLINGTON TELLES's tips didn't work.

P.S.: Strange, I didn't find the old_iexplore file.

Link: http://forum.imasters.com.br/topic/470002-saiba-como-remover-v9com/

DigRam 144 Posted October 23, 2012

Good evening! Edvan

|- Sorry for the delay; I was at my sister's funeral. :cry:
-/-
|- Download: < SEAF > ( ... by C_XX )
|- Unzip it to the desktop!
|- On Windows Vista or 7, right-click SEAF.exe and run it as administrator.
|- Follow the numbered sequence in the steps:
|- < 1 > In this field, paste the search term(s)... in this case: iexplore.exe
|- < 2 > Under "Calculer le checksum", choose "MD5".
|- < 3 > Under "[ Options du registre ]", check: "Chercher également dans le registre"
|- < 4 > Click "Lancer la recherche" <- Wait!
|- PS: In the message box, click "Non".
|- When it finishes, there will be a report: C:\SeafLog.txt <- Post it!

Regards!

Edvan 30 Posted October 25, 2012

> Good evening! Edvan
> |- Sorry for the delay; I was at my sister's funeral.

My sincere condolences, my friend. :upset:

========================= SEAF 1.0.1.0 - C_XX

Commencé à: 19:49:20 le 24/10/2012

Valeur(s) recherchée(s):
iexplore.exe

Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès

(!) --- Calcul du Hash "MD5"
(!) --- Recherche registre

====== Fichier(s) ======

"C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui" [ ARCHIVE | 6 Ko ]
TC: 31/03/2012,01:55:28 | TM: 31/03/2012,01:55:28 | DA: 31/03/2012,01:55:28

Hash MD5: 4C71CCB3C8817185E67210856778831F

=========================

"C:\Program Files\Internet Explorer\es-ES\iexplore.exe.mui" [ ARCHIVE | 6 Ko ]
TC: 31/03/2012,01:57:34 | TM: 31/03/2012,01:57:34 | DA: 31/03/2012,01:57:34

Hash MD5: CF5D2D3D54DE91D2C66796D33E4D6431

=========================

"C:\Program Files\Internet Explorer\iexplore.exe" [ ARCHIVE | 748 Ko ]
TC: 31/03/2012,01:55:26 | TM: 31/03/2012,01:55:27 | DA: 31/03/2012,01:55:26

Hash MD5: 904E13BA41AF2E353A32CF351CA53639

=========================

"C:\Program Files\Internet Explorer\pt-BR\iexplore.exe.mui" [ ARCHIVE | 6 Ko ]
TC: 31/03/2012,01:56:44 | TM: 31/03/2012,01:56:44 | DA: 31/03/2012,01:56:44

Hash MD5: 24DD72929583E7B11B416E495D1CFD67

=========================

"C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe" [ ARCHIVE | 218 Ko ]
TC: 10/08/2012,13:15:03 | TM: 03/07/2012,13:46:42 | DA: 10/08/2012,13:15:03

Hash MD5: 8A7F34F0BBD076EC3815680A7309114F

=========================

"C:\Windows\erdnt\cache\iexplore.exe" [ ARCHIVE | 748 Ko ]
TC: 16/08/2012,13:07:20 | TM: 31/03/2012,01:55:27 | DA: 16/08/2012,13:07:20

Hash MD5: 904E13BA41AF2E353A32CF351CA53639

=========================

"C:\Windows\Prefetch\IEXPLORE.EXE-058FE8F5.pf" [ NOT_CONTENT_INDEXED|ARCHIVE | 327 Ko ]
TC: 24/03/2012,23:23:37 | TM: 19/10/2012,23:35:37 | DA: 24/03/2012,23:23:37

Hash MD5: 6B5A1D3E7521DF1B2B790CE3F5469842

=========================

"C:\Windows\SoftwareDistribution\Download\4a7f49b3f65af6828820068e5dd598c8\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_b5780d7c8309d95c\iexplore.exe" [ ARCHIVE | 673 Ko ]
TC: 14/04/2012,23:07:27 | TM: 20/11/2010,09:22:51 | DA: 14/04/2012,23:07:27

Hash MD5: C613E69C3B191BB02C7A191741A1D024

=========================

"C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_pt-br_ae8fc5b02a7c9448\iexplore.exe.mui" [ ARCHIVE | 5 Ko ]
TC: 17/11/2010,21:19:49 | TM: 17/11/2010,21:19:49 | DA: 17/11/2010,21:19:49

Hash MD5: 4F5AB163F1D2026CF41EB1C44CD70F21

=========================

"C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_af24a2f3bab71a43\iexplore.exe.mui" [ ARCHIVE | 5 Ko ]
TC: 14/07/2009,01:54:43 | TM: 13/07/2009,23:05:06 | DA: 14/07/2009,01:54:43

Hash MD5: FBA4CD95930248053A2C3F43CA70B986

=========================

"C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_es-es_aeefffd7bade0be8\iexplore.exe.mui" [ ARCHIVE | 5 Ko ]
TC: 17/11/2010,21:28:32 | TM: 17/11/2010,21:28:32 | DA: 17/11/2010,21:28:32

Hash MD5: 123B6D9F52FC5F76E05E06C049494710

=========================

"C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_pt-br_b0c0d978276b17e2\iexplore.exe.mui" [ ARCHIVE | 5 Ko ]
TC: 17/11/2010,21:19:49 | TM: 17/11/2010,21:19:49 | DA: 17/11/2010,21:19:49

Hash MD5: 4F5AB163F1D2026CF41EB1C44CD70F21

=========================

"C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_aae2948effb95a30\iexplore.exe.mui" [ ARCHIVE | 6 Ko ]
TC: 31/03/2012,01:55:28 | TM: 31/03/2012,01:55:28 | DA: 31/03/2012,01:55:28

Hash MD5: 4C71CCB3C8817185E67210856778831F

=========================

"C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_es-es_aaadf172ffe04bd5\iexplore.exe.mui" [ ARCHIVE | 6 Ko ]
TC: 31/03/2012,01:57:34 | TM: 31/03/2012,01:57:34 | DA: 31/03/2012,01:57:34

Hash MD5: CF5D2D3D54DE91D2C66796D33E4D6431

=========================

"C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_pt-br_ac7ecb136c6d57cf\iexplore.exe.mui" [ ARCHIVE | 6 Ko ]
TC: 31/03/2012,01:56:44 | TM: 31/03/2012,01:56:44 | DA: 31/03/2012,01:56:44

Hash MD5: 24DD72929583E7B11B416E495D1CFD67

=========================

"C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_b346f9b4861b55c2\iexplore.exe" [ ARCHIVE | 673 Ko ]
TC: 13/07/2009,20:43:32 | TM: 13/07/2009,22:17:29 | DA: 13/07/2009,20:43:32

Hash MD5: 2C32E3E596CFE660353753EABEFB0540

=========================

"C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16930_none_b378134285f73a44\iexplore.exe" [ ARCHIVE | 673 Ko ]
TC: 26/03/2012,23:19:57 | TM: 16/12/2011,05:03:08 | DA: 26/03/2012,23:19:57

Hash MD5: 38668C6CADABC9487C683FADD3D165D0

=========================

"C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21108_none_b429fa439ef58435\iexplore.exe" [ ARCHIVE | 673 Ko ]
TC: 26/03/2012,23:19:57 | TM: 16/12/2011,06:19:51 | DA: 26/03/2012,23:19:57

Hash MD5: C53E41F92B19EC97D987F968403BEC49

=========================

"C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_b135ff17c80c1949\iexplore.exe" [ ARCHIVE | 748 Ko ]
TC: 31/03/2012,01:55:26 | TM: 31/03/2012,01:55:27 | DA: 31/03/2012,01:55:26

Hash MD5: 904E13BA41AF2E353A32CF351CA53639

=========================

====== Entrée(s) du registre ======

[HKLM\Software\Classes\*\OpenWithList\IExplore.exe]
DA: 14/07/2009 01:41:24

[HKLM\Software\Classes\.swf\OpenWithList\IExplore.exe]
DA: 02/08/2012 11:16:35

[HKLM\Software\Classes\Applications\iexplore.exe]
DA: 16/08/2012 14:00:10

[HKLM\Software\Classes\CLSID\{0002DF01-0000-0000-C000-000000000046}\LocalServer32]
""=""C:\Program Files\Internet Explorer\iexplore.exe"" (REG_SZ)

[HKLM\Software\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\DefaultIcon]
""="C:\Program Files\Internet Explorer\iexplore.exe,-19" (REG_SZ)

[HKLM\Software\Classes\CLSID\{3050F3D9-98B5-11CF-BB82-00AA00BDCE0B}\DefaultIcon]
""="C:\Program Files\Internet Explorer\iexplore.exe,-19" (REG_SZ)

[HKLM\Software\Classes\CLSID\{30590066-98b5-11cf-bb82-00aa00bdce0b}\DefaultIcon]
""="C:\Program Files\Internet Explorer\iexplore.exe,-19" (REG_SZ)

[HKLM\Software\Classes\CLSID\{30590067-98b5-11cf-bb82-00aa00bdce0b}\DefaultIcon]
""="C:\Program Files\Internet Explorer\iexplore.exe,-19" (REG_SZ)

[HKLM\Software\Classes\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\htmlfile\DefaultIcon]
""="%ProgramFiles%\Internet Explorer\iexplore.exe,-17" (REG_SZ)

[HKLM\Software\Classes\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\mhtmlfile\DefaultIcon]
""="%ProgramFiles%\Internet Explorer\iexplore.exe,-32554" (REG_SZ) 220. 221. [HKLM\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\NoAddOns\Command] 222. ""=""C:\Program Files\Internet Explorer\iexplore.exe" -extoff" (REG_SZ) 223. 224. [HKLM\Software\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command] 225. ""=""C:\Program Files\Internet Explorer\iexplore.exe"" (REG_SZ) 226. 227. [HKLM\Software\Classes\CLSID\{AE24FDAE-03C6-11D1-8B76-0080C744F389}\ToolboxBitmap32] 228. ""="C:\Program Files\Internet Explorer\iexplore.exe,-19" (REG_SZ) 229. 230. [HKLM\Software\Classes\CLSID\{D5E8041D-920F-45e9-B8FB-B1DEB82C6E5E}\LocalServer32] 231. ""=""%ProgramFiles%\Internet Explorer\iexplore.exe" -startmediumtab" (REG_EXPAND_SZ) 232. 233. [HKLM\Software\Classes\ftp\shell\open\command] 234. ""=""C:\Program Files\Internet Explorer\iexplore.exe" %1" (REG_SZ) 235. 236. [HKLM\Software\Classes\giffile\shell\Open\command] 237. ""=""C:\Program Files\Internet Explorer\iexplore.exe" -nohome" (REG_SZ) 238. 239. [HKLM\Software\Classes\htmlfile\shell\open\command] 240. ""=""C:\Program Files\Internet Explorer\iexplore.exe" -nohome" (REG_SZ) 241. 242. [HKLM\Software\Classes\htmlfile\shell\opennew\command] 243. ""=""C:\Program Files\Internet Explorer\iexplore.exe" %1" (REG_SZ) 244. 245. [HKLM\Software\Classes\http\shell\open\command] 246. ""=""C:\Program Files\Internet Explorer\iexplore.exe" -nohome" (REG_SZ) 247. 248. [HKLM\Software\Classes\https\shell\open\command] 249. ""=""C:\Program Files\Internet Explorer\iexplore.exe" -nohome" (REG_SZ) 250. 251. [HKLM\Software\Classes\IE.AssocFile.HTM\DefaultIcon] 252. ""="C:\Program Files\Internet Explorer\iexplore.exe,-19" (REG_SZ) 253. 254. [HKLM\Software\Classes\IE.AssocFile.HTM\shell\open\command] 255. ""=""C:\Program Files\Internet Explorer\iexplore.exe" -nohome" (REG_SZ) 256. 257. [HKLM\Software\Classes\IE.AssocFile.HTM\shell\opennew\command] 258. 
""=""C:\Program Files\Internet Explorer\iexplore.exe" %1" (REG_SZ) 259. 260. [HKLM\Software\Classes\IE.AssocFile.MHT\DefaultIcon] 261. ""="C:\Program Files\Internet Explorer\iexplore.exe,-32554" (REG_SZ) 262. 263. [HKLM\Software\Classes\IE.AssocFile.MHT\shell\open\command] 264. ""=""C:\Program Files\Internet Explorer\iexplore.exe" -nohome" (REG_SZ) 265. 266. [HKLM\Software\Classes\IE.AssocFile.MHT\shell\opennew\command] 267. ""=""C:\Program Files\Internet Explorer\iexplore.exe" %1" (REG_SZ) 268. 269. [HKLM\Software\Classes\IE.AssocFile.PARTIAL\DefaultIcon] 270. ""="C:\Program Files\Internet Explorer\iexplore.exe,-19" (REG_SZ) 271. 272. [HKLM\Software\Classes\IE.AssocFile.PARTIAL\shell\open\command] 273. ""=""C:\Program Files\Internet Explorer\iexplore.exe" -nohome" (REG_SZ) 274. 275. [HKLM\Software\Classes\IE.AssocFile.SVG\DefaultIcon] 276. ""="C:\Program Files\Internet Explorer\iexplore.exe,-19" (REG_SZ) 277. 278. [HKLM\Software\Classes\IE.AssocFile.SVG\shell\open\command] 279. ""=""C:\Program Files\Internet Explorer\iexplore.exe" -nohome" (REG_SZ) 280. 281. [HKLM\Software\Classes\IE.AssocFile.SVG\shell\opennew\command] 282. ""=""C:\Program Files\Internet Explorer\iexplore.exe" %1" (REG_SZ) 283. 284. [HKLM\Software\Classes\IE.AssocFile.WEBSITE\Shell\Open\Command] 285. ""=""C:\Program Files\Internet Explorer\iexplore.exe" -w "%l" %*" (REG_SZ) 286. 287. [HKLM\Software\Classes\IE.AssocFile.XHT\DefaultIcon] 288. ""="C:\Program Files\Internet Explorer\iexplore.exe,-19" (REG_SZ) 289. 290. [HKLM\Software\Classes\IE.AssocFile.XHT\shell\open\command] 291. ""=""C:\Program Files\Internet Explorer\iexplore.exe" -nohome" (REG_SZ) 292. 293. [HKLM\Software\Classes\IE.AssocFile.XHT\shell\opennew\command] 294. ""=""C:\Program Files\Internet Explorer\iexplore.exe" %1" (REG_SZ) 295. 296. [HKLM\Software\Classes\IE.FTP\shell\open\command] 297. ""=""C:\Program Files\Internet Explorer\iexplore.exe" %1" (REG_SZ) 298. 299. [HKLM\Software\Classes\IE.HTTP\shell\open\command] 300. 
""=""C:\Program Files\Internet Explorer\iexplore.exe" -nohome" (REG_SZ) 301. 302. [HKLM\Software\Classes\IE.HTTPS\shell\open\command] 303. ""=""C:\Program Files\Internet Explorer\iexplore.exe" -nohome" (REG_SZ) 304. 305. [HKLM\Software\Classes\MacromediaFlashPaper.MacromediaFlashPaper\shell\open\command] 306. ""=""C:\Program Files\Internet Explorer\iexplore.exe" -nohome "%1"" (REG_SZ) 307. 308. [HKLM\Software\Classes\mhtmlfile\shell\open\command] 309. ""=""C:\Program Files\Internet Explorer\iexplore.exe" -nohome" (REG_SZ) 310. 311. [HKLM\Software\Classes\mhtmlfile\shell\opennew\command] 312. ""=""C:\Program Files\Internet Explorer\iexplore.exe" %1" (REG_SZ) 313. 314. [HKLM\Software\Classes\Microsoft.Website\Shell\Open\Command] 315. ""=""C:\Program Files\Internet Explorer\iexplore.exe" -w "%l" %*" (REG_SZ) 316. 317. [HKLM\Software\Classes\MSSppLicenseFile\shell\open\command] 318. ""=""iexplore.exe" "%1"" (REG_SZ) 319. 320. [HKLM\Software\Classes\svgfile\DefaultIcon] 321. ""="%ProgramFiles%\Internet Explorer\iexplore.exe,-17" (REG_EXPAND_SZ) 322. 323. [HKLM\Software\Classes\svgfile\shell\open\command] 324. ""=""C:\Program Files\Internet Explorer\iexplore.exe" -nohome" (REG_SZ) 325. 326. [HKLM\Software\Classes\svgfile\shell\opennew\command] 327. ""=""C:\Program Files\Internet Explorer\iexplore.exe" %1" (REG_SZ) 328. 329. [HKLM\Software\Classes\VisioViewer.Viewer\shell\open\command] 330. ""=""C:\Program Files\Internet Explorer\iexplore.exe" -nohome" (REG_SZ) 331. 332. [HKLM\Software\Classes\XEV.GenericApp\shell\open\command] 333. ""=""C:\Program Files\Internet Explorer\iexplore.exe" -nohome" (REG_EXPAND_SZ) 334. 335. [HKLM\Software\Classes\XEV.OriginalApp\shell\open\command] 336. ""=""C:\Program Files\Internet Explorer\iexplore.exe" -nohome" (REG_EXPAND_SZ) 337. 338. [HKLM\Software\Classes\xhtmlfile\shell\open\command] 339. ""=""C:\Program Files\Internet Explorer\iexplore.exe" -nohome" (REG_SZ) 340. 341. [HKLM\Software\Classes\xhtmlfile\shell\opennew\command] 342. 
""=""C:\Program Files\Internet Explorer\iexplore.exe" %1" (REG_SZ) 343. 344. [HKLM\Software\Classes\xslfile\shell\Open\command] 345. ""=""C:\Program Files\Internet Explorer\iexplore.exe" -nohome" (REG_EXPAND_SZ) 346. 347. [HKLM\Software\Clients\StartMenuInternet] 348. ""="IEXPLORE.EXE" (REG_SZ) 349. 350. [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE] 351. DA: 24/10/2012 19:38:18 352. 353. [HKLM\Software\Microsoft\Internet Explorer\AdvancedOptions\CRYPTO\LMZ_LOCKDOWN] 354. "ValueName"="iexplore.exe" (REG_SZ) 355. 356. [HKLM\Software\Microsoft\Internet Explorer\Capabilities] 357. "ApplicationDescription"="@C:\Program Files\Internet Explorer\iexplore.exe,-706" (REG_EXPAND_SZ) 358. 359. [HKLM\Software\Microsoft\Internet Explorer\Capabilities\Startmenu] 360. "StartmenuInternet"="IEXPLORE.EXE" (REG_SZ) 361. 362. [HKLM\Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{0002df01-0000-0000-c000-000000000046}] 363. "AppName"="iexplore.exe" (REG_SZ) 364. 365. [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0002df01-0000-0000-c000-000000000046}] 366. "AppName"="iexplore.exe" (REG_SZ) 367. 368. [HKLM\Software\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BEHAVIORS] 369. "iexplore.exe"="1" (REG_DWORD) 370. 371. [HKLM\Software\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_ISO_2022_JP_SNIFFING] 372. "iexplore.exe"="1" (REG_DWORD) 373. 374. [HKLM\Software\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL] 375. "iexplore.exe"="1" (REG_DWORD) 376. 377. [HKLM\Software\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP] 378. "iexplore.exe"="1" (REG_DWORD) 379. 380. [HKLM\Software\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS] 381. "iexplore.exe"="0" (REG_DWORD) 382. 383. [HKLM\Software\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN] 384. "iexplore.exe"="1" (REG_DWORD) 385. 386. 
[HKLM\Software\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_HANDLING] 387. "iexplore.exe"="1" (REG_DWORD) 388. 389. [HKLM\Software\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MIME_SNIFFING] 390. "iexplore.exe"="1" (REG_DWORD) 391. 392. [HKLM\Software\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_OBJECT_CACHING] 393. "iexplore.exe"="1" (REG_DWORD) 394. 395. [HKLM\Software\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN] 396. "iexplore.exe"="0" (REG_DWORD) 397. 398. [HKLM\Software\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SAFE_BINDTOOBJECT] 399. "iexplore.exe"="1" (REG_DWORD) 400. 401. [HKLM\Software\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT] 402. "iexplore.exe"="1" (REG_DWORD) 403. 404. [HKLM\Software\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_WINDOW_RESTRICTIONS] 405. "iexplore.exe"="1" (REG_DWORD) 406. 407. [HKLM\Software\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_XSSFILTER] 408. "iexplore.exe"="1" (REG_DWORD) 409. 410. [HKLM\Software\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ZONE_ELEVATION] 411. "iexplore.exe"="1" (REG_DWORD) 412. 413. [HKLM\Software\Microsoft\Multimedia\WMPlayer\Extensions\.3g2] 414. "ReplaceApps"="wmplayer.exe|iexplore.exe" (REG_SZ) 415. 416. [HKLM\Software\Microsoft\Multimedia\WMPlayer\Extensions\.3gp] 417. "ReplaceApps"="wmplayer.exe|iexplore.exe" (REG_SZ) 418. 419. [HKLM\Software\Microsoft\Multimedia\WMPlayer\Extensions\.3gp2] 420. "ReplaceApps"="wmplayer.exe|iexplore.exe" (REG_SZ) 421. 422. [HKLM\Software\Microsoft\Multimedia\WMPlayer\Extensions\.3gpp] 423. "ReplaceApps"="wmplayer.exe|iexplore.exe" (REG_SZ) 424. 425. [HKLM\Software\Microsoft\Multimedia\WMPlayer\Extensions\.aac] 426. "ReplaceApps"="wmplayer.exe|iexplore.exe" (REG_SZ) 427. 428. [HKLM\Software\Microsoft\Multimedia\WMPlayer\Extensions\.adt] 429. "ReplaceApps"="wmplayer.exe|iexplore.exe" (REG_SZ) 430. 431. 
[HKLM\Software\Microsoft\Multimedia\WMPlayer\Extensions\.adts] 432. "ReplaceApps"="wmplayer.exe|iexplore.exe" (REG_SZ) 433. 434. [HKLM\Software\Microsoft\Multimedia\WMPlayer\Extensions\.aif] 435. "ReplaceApps"="wmplayer.exe|iexplore.exe" (REG_SZ) 436. 437. [HKLM\Software\Microsoft\Multimedia\WMPlayer\Extensions\.aifc] 438. "ReplaceApps"="wmplayer.exe|iexplore.exe" (REG_SZ) 439. 440. [HKLM\Software\Microsoft\Multimedia\WMPlayer\Extensions\.aiff] 441. "ReplaceApps"="wmplayer.exe|iexplore.exe" (REG_SZ) 442. 443. [HKLM\Software\Microsoft\Multimedia\WMPlayer\Extensions\.au] 444. "ReplaceApps"="wmplayer.exe|iexplore.exe" (REG_SZ) 445. 446. [HKLM\Software\Microsoft\Multimedia\WMPlayer\Extensions\.m1v] 447. "ReplaceApps"="wmplayer.exe|iexplore.exe" (REG_SZ) 448. 449. [HKLM\Software\Microsoft\Multimedia\WMPlayer\Extensions\.m2t] 450. "ReplaceApps"="wmplayer.exe|iexplore.exe" (REG_SZ) 451. 452. [HKLM\Software\Microsoft\Multimedia\WMPlayer\Extensions\.m2ts] 453. "ReplaceApps"="wmplayer.exe|iexplore.exe" (REG_SZ) 454. 455. [HKLM\Software\Microsoft\Multimedia\WMPlayer\Extensions\.m2v] 456. "ReplaceApps"="wmplayer.exe|iexplore.exe" (REG_SZ) 457. 458. [HKLM\Software\Microsoft\Multimedia\WMPlayer\Extensions\.m4a] 459. "ReplaceApps"="wmplayer.exe|iexplore.exe" (REG_SZ) 460. 461. [HKLM\Software\Microsoft\Multimedia\WMPlayer\Extensions\.m4v] 462. "ReplaceApps"="wmplayer.exe|iexplore.exe" (REG_SZ) 463. 464. [HKLM\Software\Microsoft\Multimedia\WMPlayer\Extensions\.mid] 465. "ReplaceApps"="wmplayer.exe|iexplore.exe" (REG_SZ) 466. 467. [HKLM\Software\Microsoft\Multimedia\WMPlayer\Extensions\.midi] 468. "ReplaceApps"="wmplayer.exe|iexplore.exe" (REG_SZ) 469. 470. [HKLM\Software\Microsoft\Multimedia\WMPlayer\Extensions\.mod] 471. "ReplaceApps"="wmplayer.exe|iexplore.exe" (REG_SZ) 472. 473. [HKLM\Software\Microsoft\Multimedia\WMPlayer\Extensions\.mov] 474. "ReplaceApps"="wmplayer.exe|iexplore.exe" (REG_SZ) 475. 476. [HKLM\Software\Microsoft\Multimedia\WMPlayer\Extensions\.mp2] 477. 
"ReplaceApps"="wmplayer.exe|iexplore.exe" (REG_SZ) 478. 479. [HKLM\Software\Microsoft\Multimedia\WMPlayer\Extensions\.mp2v] 480. "ReplaceApps"="wmplayer.exe|iexplore.exe" (REG_SZ) 481. 482. [HKLM\Software\Microsoft\Multimedia\WMPlayer\Extensions\.mp4] 483. "ReplaceApps"="wmplayer.exe|iexplore.exe" (REG_SZ) 484. 485. [HKLM\Software\Microsoft\Multimedia\WMPlayer\Extensions\.mp4v] 486. "ReplaceApps"="wmplayer.exe|iexplore.exe" (REG_SZ) 487. 488. [HKLM\Software\Microsoft\Multimedia\WMPlayer\Extensions\.mpa] 489. "ReplaceApps"="wmplayer.exe|iexplore.exe" (REG_SZ) 490. 491. [HKLM\Software\Microsoft\Multimedia\WMPlayer\Extensions\.mpe] 492. "ReplaceApps"="wmplayer.exe|iexplore.exe" (REG_SZ) 493. 494. [HKLM\Software\Microsoft\Multimedia\WMPlayer\Extensions\.mpeg] 495. "ReplaceApps"="wmplayer.exe|iexplore.exe" (REG_SZ) 496. 497. [HKLM\Software\Microsoft\Multimedia\WMPlayer\Extensions\.mpg] 498. "ReplaceApps"="wmplayer.exe|iexplore.exe" (REG_SZ) 499. 500. [HKLM\Software\Microsoft\Multimedia\WMPlayer\Extensions\.mpv2] 501. "ReplaceApps"="wmplayer.exe|iexplore.exe" (REG_SZ) 502. 503. [HKLM\Software\Microsoft\Multimedia\WMPlayer\Extensions\.mts] 504. "ReplaceApps"="wmplayer.exe|iexplore.exe" (REG_SZ) 505. 506. [HKLM\Software\Microsoft\Multimedia\WMPlayer\Extensions\.rmi] 507. "ReplaceApps"="wmplayer.exe|iexplore.exe" (REG_SZ) 508. 509. [HKLM\Software\Microsoft\Multimedia\WMPlayer\Extensions\.snd] 510. "ReplaceApps"="wmplayer.exe|iexplore.exe" (REG_SZ) 511. 512. [HKLM\Software\Microsoft\Multimedia\WMPlayer\Extensions\.ts] 513. "ReplaceApps"="wmplayer.exe|iexplore.exe" (REG_SZ) 514. 515. [HKLM\Software\Microsoft\Multimedia\WMPlayer\Extensions\.tts] 516. "ReplaceApps"="wmplayer.exe|iexplore.exe" (REG_SZ) 517. 518. [HKLM\Software\Microsoft\Multimedia\WMPlayer\MIME Types\audio/3gpp] 519. "ReplaceApps"="wmplayer.exe|iexplore.exe" (REG_SZ) 520. 521. [HKLM\Software\Microsoft\Multimedia\WMPlayer\MIME Types\audio/3gpp2] 522. "ReplaceApps"="wmplayer.exe|iexplore.exe" (REG_SZ) 523. 524. 
[HKLM\Software\Microsoft\Multimedia\WMPlayer\MIME Types\audio/aiff] 525. "ReplaceApps"="wmplayer.exe|iexplore.exe" (REG_SZ) 526. 527. [HKLM\Software\Microsoft\Multimedia\WMPlayer\MIME Types\audio/vnd.dlna.adts] 528. "ReplaceApps"="wmplayer.exe|iexplore.exe" (REG_SZ) 529. 530. [HKLM\Software\Microsoft\Multimedia\WMPlayer\MIME Types\audio/x-aiff] 531. "ReplaceApps"="wmplayer.exe|iexplore.exe" (REG_SZ) 532. 533. [HKLM\Software\Microsoft\Multimedia\WMPlayer\MIME Types\video/vnd.dlna.mpeg-tts] 534. "ReplaceApps"="wmplayer.exe|iexplore.exe" (REG_SZ) 535. 536. [HKLM\Software\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\iexplore.exe] 537. DA: 24/10/2012 19:38:24 538. 539. [HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\System Programs] 540. "iexplore"="iexplore.exe" (REG_SZ) 541. 542. [HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE] 543. DA: 24/10/2012 19:38:25 544. 545. [HKLM\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\PenService] 546. "iexplore.exe"="596fd73c-fff3-4d3f-81d3-8af2955f3547" (REG_SZ) 547. 548. [HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN] 549. "iexplore.exe"="1" (REG_DWORD) 550. 551. [HKU\S-1-5-21-2190984065-3680493698-2619012717-1000\Software\Elantech\Favorite] 552. "0"="C:\Program Files\Internet Explorer\iexplore.exe" (REG_SZ) 553. 554. [HKU\S-1-5-21-2190984065-3680493698-2619012717-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\eb156df7_0] 555. ""="{0.0.0.00000000}.{56adf903-e198-43ee-86a8-5c37dcf8fb77}|\Device\HarddiskVolume3\Program Files\Internet Explorer\iexplore.exe%b{00000000-0000-0000-0000-000000000000}" (REG_SZ) 556. 557. [HKU\S-1-5-21-2190984065-3680493698-2619012717-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN] 558. "iexplore.exe"="1" (REG_DWORD) 559. 560. 
[HKU\S-1-5-21-2190984065-3680493698-2619012717-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\DDECache\IExplore\WWW_OpenURL] 561. "ProcessName"="iexplore.exe" (REG_SZ) 562. 563. [HKU\S-1-5-21-2190984065-3680493698-2619012717-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication] 564. "Name"="iexplore.exe" (REG_SZ) 565. 566. [HKU\S-1-5-21-2190984065-3680493698-2619012717-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication] 567. "Name"="iexplore.exe" (REG_SZ) 568. 569. [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN] 570. "iexplore.exe"="1" (REG_DWORD) 571. 572. ========================= 573. 574. Fin à: 20:03:32 le 24/10/2012 575. 354743 Éléments analysés 576. 577. ========================= 578. E.O.F Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Posted October 25, 2012
Good morning! Edvan
:Files
copy "C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_b135ff17c80c1949\iexplore.exe" "C:\Program Files\Internet Explorer\iexplore.exe" /c
%systemroot%\prefetch\*.*
:commands
[reboot]
|- Download OTL again and paste the information in the Code box into the "Custom Scans/Fixes" field.
|- Then click "Run Fix".
|- Delete the IE shortcut on the desktop and create a new shortcut from the iexplore.exe file located at "c:\program files\internet explorer\iexplore.exe".
|- Post the report!
-/-
|- Open the SEAF tool and paste this search term into the field: v9soft
|- Keep the settings, or sequence, given earlier.
|- Post the report!
Regards!
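A check that can be run before the copy in the script above, as an added example (not part of the original thread, and not code from SEAF or OTL): it parses file entries in the layout of the SEAF report Edvan posted for iexplore.exe and compares the MD5 of the copy source with that of the destination. The three sample entries are copied from that report; the function and constant names are hypothetical.

```python
import re
from collections import defaultdict

# One file entry of a SEAF report: quoted path, [ attributes | size Ko ],
# TC/TM/DA timestamps, then "Hash MD5:". DOTALL lets a match span the blank
# lines and the pasted "34." style line numbers between those parts.
ENTRY = re.compile(
    r'"(?P<path>[A-Za-z]:\\[^"]+)"\s*\[(?P<attrs>[^\]]*)\|\s*(?P<size_ko>\d+)\s*Ko\s*\]'
    r'.*?TC:\s*(?P<tc>[\d/,:]+)\s*\|\s*TM:\s*(?P<tm>[\d/,:]+)\s*\|\s*DA:\s*(?P<da>[\d/,:]+)'
    r'.*?Hash MD5:\s*(?P<md5>[0-9A-Fa-f]{32})',
    re.DOTALL,
)

# Three entries copied from the SEAF report posted in this thread.
SAMPLE_REPORT = r"""
34. "C:\Program Files\Internet Explorer\iexplore.exe" [ ARCHIVE | 748 Ko ]
35. TC: 31/03/2012,01:55:26 | TM: 31/03/2012,01:55:27 | DA: 31/03/2012,01:55:26
36.
37. Hash MD5: 904E13BA41AF2E353A32CF351CA53639
52. "C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe" [ ARCHIVE | 218 Ko ]
53. TC: 10/08/2012,13:15:03 | TM: 03/07/2012,13:46:42 | DA: 10/08/2012,13:15:03
54.
55. Hash MD5: 8A7F34F0BBD076EC3815680A7309114F
178. "C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_b135ff17c80c1949\iexplore.exe" [ ARCHIVE | 748 Ko ]
179. TC: 31/03/2012,01:55:26 | TM: 31/03/2012,01:55:27 | DA: 31/03/2012,01:55:26
180.
181. Hash MD5: 904E13BA41AF2E353A32CF351CA53639
"""

# Source and destination of the copy line in the OTL script.
SOURCE = (r"C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_"
          r"31bf3856ad364e35_9.4.8112.16421_none_b135ff17c80c1949\iexplore.exe")
TARGET = r"C:\Program Files\Internet Explorer\iexplore.exe"


def parse_seaf_files(report):
    """Return one dict per file entry found in the report text."""
    entries = []
    for match in ENTRY.finditer(report):
        entry = match.groupdict()
        entry["attrs"] = [a.strip() for a in entry["attrs"].split("|") if a.strip()]
        entry["size_ko"] = int(entry["size_ko"])
        entry["md5"] = entry["md5"].upper()
        entries.append(entry)
    return entries


def group_by_md5(entries):
    """Map each MD5 to the paths that carry it, to spot identical copies."""
    groups = defaultdict(list)
    for entry in entries:
        groups[entry["md5"]].append(entry["path"])
    return dict(groups)


def check_replacement(entries, source, target):
    """Compare source and target of a planned copy using the report's hashes."""
    by_path = {e["path"].lower(): e for e in entries}  # Windows paths: ignore case
    try:
        src, dst = by_path[source.lower()], by_path[target.lower()]
    except KeyError as missing:
        raise LookupError(f"path not in report: {missing}") from None
    return {
        "identical": src["md5"] == dst["md5"],
        "source_md5": src["md5"],
        "target_md5": dst["md5"],
        "source_modified": src["tm"],
        "target_modified": dst["tm"],
    }


if __name__ == "__main__":
    parsed = parse_seaf_files(SAMPLE_REPORT)
    print(check_replacement(parsed, SOURCE, TARGET))
    for md5, paths in group_by_md5(parsed).items():
        print(md5, len(paths), "file(s)")
```

On the sample entries the two hashes are equal, so the copy would leave the installed binary unchanged.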
Edvan 30 Posted October 31, 2012
Sorry for the delay; I only got access to my brother's machine now!
========================= SEAF 1.0.1.0 - C_XX
Commencé à: 19:37:34 le 31/10/2012
Valeur(s) recherchée(s):
v9soft
Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès
(!) --- Calcul du Hash "MD5"
(!) --- Recherche registre
====== Fichier(s) ======
Aucun fichier trouvé
====== Entrée(s) du registre ======
Aucun élément dans le registre trouvé
=========================
Fin à: 19:47:23 le 31/10/2012
365529 Éléments analysés
=========================
E.O.F
DigRam 144 Posted November 1, 2012
Good evening! Edvan
|- Did you manage to run the copy set out in the script with OTL?
|- PS: This copy can be done manually, without the help of the tool.
|- The investigation with SEAF did not detect entries related to v9.com.
Regards!
Edvan 30 Posted November 1, 2012
"Did you manage to run the copy set out in the script with OTL?"
Yes, I did; everything is OK now! :thumbsup:
As for v9.com, I did as you instructed and it no longer appears. :clap:
DigRam 144 Posted November 1, 2012
PROBLEM SOLVED
If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.